C:\AMD\Packages\Apps\Radeon-Crimson-ReLive-16.12.1-ccc-slim-161208WHQL\ccc-slim.msi: Win.Trojan.Agent-5309166-0 FOUND
C:\AMD\Packages\Apps\Radeon-Crimson-ReLive-16.12.1-ccc-slim-161208WHQL.exe: Win.Trojan.Agent-5309166-0 FOUND

How do I find out what exactly triggered it thinking these contained a Trojan? VirusTotal says they're clean, but how do I know they don't actually contain a Trojan or Trojan-like code that could be exploited nefariously?

Virus Total is pretty good. I think you can believe them. They scan with about 60 AVs now. Note the comment about the file being harmless--they don't do that for every file even if there are no detections.

If you are really extra concerned about malware infections, run a real-time AV and an antimalware program. There are lots of real-time AVs--some of them are free. The free versions of Malwarebytes antimalware and Zemana antimalware are good but they do not scan in real-time for free. Pick one of them (I like Zemana but it has some growing pains) and do a daily on-demand scan with it. Keep ClamWin as a backup scanner--updated hourly with daily scheduled scans of memory, user\appdata, system 32, sysWOW64, and windows\temp. That will give you good protection.

Regards,

davebit

Joined: 18 Jan 2016

Posts: 27

Location: America

Posted: Wed Apr 26, 2017 3:27 am

GuitarBob wrote:

Virus Total is pretty good. I think you can believe them. They scan with about 60 AVs now. Note the comment about the file being harmless--they don't do that for every file even if there are no detections.

If you are really extra concerned about malware infections, run a real-time AV and an antimalware program. There are lots of real-time AVs--some of them are free. The free versions of Malwarebytes antimalware and Zemana antimalware are good but they do not scan in real-time for free. Pick one of them (I like Zemana but it has some growing pains) and do a daily on-demand scan with it. Keep ClamWin as a backup scanner--updated hourly with daily scheduled scans of memory, user\appdata, system 32, sysWOW64, and windows\temp. That will give you good protection.

The lines in question came from a ClamWin scan (notice they show FOUND at the end of them).

You recommend running a real-time AV/AM program, but mention Malwarebytes and Zemana then mention they don't do real-time... so I don't know which ones you actually recommend for real-time scanning.

I already have ClamWin run weekly; I don't think it's worth the daily drive grind as I don't use the laptop every day.

GuitarBob

Joined: 09 Jul 2006

Posts: 4317

Location: USA

Posted: Wed Apr 26, 2017 6:14 am

I mentioned MBAM and Zemana free versions because they are good after-the-fact cleaners (in case you didn't want to use real-time), and they are free. I have paid licenses for lots of real-time AVs, but I use Forticlient on my tablet and Windows Defender on my desktop. I keep MBAM, Zemana, Microsoft Safety Scanner, and Kaspersky TDSS Cleaner on USB.

Regards,

davebit

Joined: 18 Jan 2016

Posts: 27

Location: America

Posted: Mon May 01, 2017 12:33 am

GuitarBob wrote:

I mentioned MBAM and Zemana free versions because they are good after-the-fact cleaners (in case you didn't want to use real-time), and they are free. I have paid licenses for lots of real-time AVs, but I use Forticlient on my tablet and Windows Defender on my desktop. I keep MBAM, Zemana, Microsoft Safety Scanner, and Kaspersky TDSS Cleaner on USB.

Regards,

OK, thanks Bob, I'll try those.

davebit

Joined: 18 Jan 2016

Posts: 27

Location: America

Posted: Mon May 01, 2017 12:51 am

GuitarBob wrote:

I mentioned MBAM and Zemana free versions because they are good after-the-fact cleaners (in case you didn't want to use real-time), and they are free. I have paid licenses for lots of real-time AVs, but I use Forticlient on my tablet and Windows Defender on my desktop. I keep MBAM, Zemana, Microsoft Safety Scanner, and Kaspersky TDSS Cleaner on USB.

It is very similar to MS Windows Defender/Security Essentials, but I have seen my Windows Defender miss some PUPs (potentially unwanted programs) that were detected in a subsequent MSERT (Safety Scanner) scan. I'm sure they will both catch the real bad malware. There can be a difference between a real-time scan and an on-demand scan. A real-time scanner has to react quicker than an on-demand scanner, which might be able to employ more resources in detection.

Regards,

ROCKNROLLKID

Joined: 23 Sep 2013

Posts: 562

Location: **UNKNOWN**

Posted: Mon May 01, 2017 6:20 pm

Sorry if this comes late, but you can actually delete the entire C:/AMD folder, as there isn't anything important there. It is only a backup copy of the setup files.

davebit

Joined: 18 Jan 2016

Posts: 27

Location: America

Posted: Sun May 28, 2017 8:57 pm

Is there some way to figure out why ClamWin thinks Win.Trojan.Agent-5309166-0 is in these AMD files or what this actual "Trojan" is? I'm having a hard time getting any specific or pertinent info; my searches for it seem to just give useless or generic or hard-to-understand info.

GuitarBob

Joined: 09 Jul 2006

Posts: 4317

Location: USA

Posted: Sun May 28, 2017 11:30 pm

That would be hard to determine. The Clam AV signatures used by ClamWin consist of various types: file hashes, bits of code (strings), and bytecode or other "heuristics". You would have to get the Clam AV people to tell you what they used. Most likely, the signatures detecting your files consist of strings/code that can be used by either malware or goodware, and Clam AV did not have any relevant goodware on the false positive "farm" that it uses to check its signatures before they are published.

I really wouldn't worry about this. Just upload the files to Clam AV and tell them about the false positive(s). You can whitelist the files yourself (if interested) in ClamWin, but that will not do anyone but you any good--it's better to tell Clam AV about the false positives.

Let us know if there's anything else we can do to help with this. Otherwise, I think we've covered it enough.
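
The signature types described in the last reply (file hashes versus byte strings) can be told apart and checked against a file as follows. This is an added example, not code from the thread or from ClamAV: the signature names, signature bodies and sample bytes are all constructed, and the real content of Win.Trojan.Agent-5309166-0 is not shown here. Only a subset of the hex-signature syntax is handled (literal bytes, `??`, `*`, `{n}`, `{n-m}`), and the offset field is ignored.

```python
import hashlib
import re

def hex_to_regex(hexsig):
    """Compile a ClamAV hex body signature (subset: bytes, ??, *, {n}, {n-m}) to a bytes regex."""
    parts = []
    for tok in re.findall(r"\*|\{\d*-?\d*\}|\?\?|[0-9a-fA-F]{2}", hexsig):
        if tok == "*":
            parts.append(b".*?")                      # any run of bytes
        elif tok == "??":
            parts.append(b".")                        # exactly one byte, any value
        elif tok[0] == "{":
            lo, sep, hi = tok[1:-1].partition("-")    # {n}, {n-m}, {-m}, {n-}
            parts.append(b".{%s,%s}?" % ((lo or "0").encode(), (hi if sep else lo).encode()))
        else:
            parts.append(re.escape(bytes.fromhex(tok)))
    return re.compile(b"".join(parts), re.DOTALL)

def find(hexsig, data):
    """Return (offset, matched bytes) for the first hit in data, or None."""
    m = hex_to_regex(hexsig).search(data)
    return (m.start(), m.group()) if m else None

def explain(sig, data):
    """Classify one signature line and show which bytes of `data` it keys on."""
    if ";" in sig:  # .ldb: Name;TargetDescriptionBlock;LogicalExpression;Subsig0;Subsig1;...
        name, _tdb, expr, *subs = sig.split(";")
        return {"name": name, "type": "logical", "expr": expr, "hits": [find(s, data) for s in subs]}
    f = sig.split(":")
    if re.fullmatch(r"[0-9a-fA-F]{32}", f[0]):  # .hdb: MD5:FileSize:Name (exact file only)
        ok = hashlib.md5(data).hexdigest() == f[0].lower() and f[1] in ("*", str(len(data)))
        return {"name": f[2], "type": "hash", "hits": [ok]}
    # .ndb: Name:TargetType:Offset:HexSignature
    return {"name": f[0], "type": "body", "hits": [find(f[3], data)]}

def h(s):
    return s.encode().hex()

# Constructed sample: bytes standing in for a benign installer, plus made-up signatures.
DATA = b"MZ" + b"\x00" * 30 + b"RegSetValueExA\x00" + b"\x90" * 8 + b"CreateServiceW\x00"
SIGS = [
    f"{hashlib.md5(b'other file').hexdigest()}:10:Example.Hash-1",
    f"Example.Body-1:1:*:{h('CreateService')}??00",
    f"Example.Logical-1;Target:1;0&1;{h('RegSetValueEx')};{h('Create')}{{0-16}}{h('Service')}",
]

if __name__ == "__main__":
    for s in SIGS:
        print(explain(s, DATA))
```

The hash signature misses because it matches one exact file, while both string-based signatures hit on API names that ordinary installers also contain. Real signature lines for a detection name can be listed with ClamAV's `sigtool --find-sigs` and decoded with `sigtool --decode-sigs`.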